Bug 1593760 [wpt PR 20073] - Restrict [un]registerProtocolHandler to secure contexts, a=testonly

Automatic update from web-platform-tests Restrict [un]registerProtocolHandler to secure contexts The registerProtocolHandler() and unregisterProtocolHandler() functions should only be permitted for secure contexts. When called on non-secure contexts, a SecurityError should be thrown. Bug: 882284 Change-Id: Iacf3d31f80f5118e9e9aacad2c99a0111d6e7cc5 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1892213 Reviewed-by: Gyuyoung Kim <gyuyoung@igalia.com> Reviewed-by: Tarun Bansal <tbansal@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Eric Lawrence [MSFT] <ericlaw@microsoft.com> Cr-Commit-Position: refs/heads/master@{#717501} -- wpt-commits: 6ac865ab791bb845839701ac1c99c2ed5ab10c4e wpt-pr: 20073
2019-11-26 11:27:44 +00:00 · 2019-11-26 11:27:44 +00:00 · ea639f69db
--- a/testing/web-platform/tests/html/dom/usvstring-reflection.https.html
+++ b/testing/web-platform/tests/html/dom/usvstring-reflection.https.html
@ -107,12 +107,12 @@ test(() => {
 test(() => {
  // This shouldn't throw an exception.
  window.navigator.registerProtocolHandler('web+myprotocol', "custom-scheme\uD800/url=%s", "title");
-}, "RegisterPtotocolHandler URL: unpaired surrogate codepoint should not make any exceptions.")
+}, "RegisterProtocolHandler URL: unpaired surrogate codepoint should not make any exceptions.")

 test(() => {
  // This shouldn't throw an exception.
  window.navigator.unregisterProtocolHandler('web+myprotocol', "custom-scheme\uD800/url=%s");
-}, "UnregisterPtotocolHandler URL: unpaired surrogate codepoint should not make any exceptions.")
+}, "UnregisterProtocolHandler URL: unpaired surrogate codepoint should not make any exceptions.")

 test(() => {
  var w = window.open("about:blank#\uD800");
--- a/testing/web-platform/tests/html/webappapis/system-state-and-capabilities/the-navigator-object/protocol.https.html
+++ b/testing/web-platform/tests/html/webappapis/system-state-and-capabilities/the-navigator-object/protocol.https.html
@ -21,7 +21,7 @@ test(() => {
 }, 'the unregisterProtocolHandler method should exist on the navigator object');

 /* URL argument */
-const vaild_urls = [
+const valid_urls = [
  '%s',
  location.href + '/%s',
  location.href + '#%s',
@ -31,7 +31,7 @@ const vaild_urls = [
  location.href + '/%s/bar/baz/?foo=1337&bar#baz',
  location.href + '/%s/foo/%s/',
 ];
-for (const url of vaild_urls) {
+for (const url of valid_urls) {
  test(() => {
    navigator.registerProtocolHandler('tel', url, 'foo');
  }, 'registerProtocolHandler: Valid URL "' + url + '" should work.');
@ -61,7 +61,7 @@ for (const url of invalid_urls1) {
  }, 'unregisterProtocolHandler: Invalid URL "' + url + '" should throw SYNTAX_ERR.');
 }

-const invaild_urls2 = [
+const invalid_urls2 = [
  'http://%s.com',
  'http://%s.example.com',
  'http://example.com/%s',
@ -70,7 +70,7 @@ const invaild_urls2 = [
  'mailto:%s@example.com',
  'mailto:%s',
 ];
-for (const url of invaild_urls2) {
+for (const url of invalid_urls2) {
  test(() => {
    assert_throws('SECURITY_ERR', () => { navigator.registerProtocolHandler('mailto', url, 'foo'); });
  }, 'registerProtocolHandler: Invalid URL "' + url + '" should throw SECURITY_ERR.');
@ -84,7 +84,7 @@ for (const url of invaild_urls2) {

 /* Overriding any of the following protocols must never be allowed. That would
 * break the browser. */
-const blacklist = [
+const denylist = [
  'about',
  'attachment',
  'blob',
@ -124,13 +124,13 @@ const blacklist = [
  'tel:sip',
  'web+',
 ];
-for (const scheme of blacklist) {
+for (const scheme of denylist) {
  test(() => {
    assert_throws('SECURITY_ERR', () => { navigator.registerProtocolHandler(scheme, location.href + '/%s', 'foo'); });
  }, 'registerProtocolHandler: Attempting to override the "' + scheme + '" protocol should throw SECURITY_ERR.');

  test(() => {
-    assert_throws('SECURITY_ERR', () => { navigator.unregisterProtocolHandler(scheme, location.href + '/%s', 'foo'); });
+    assert_throws('SECURITY_ERR', () => { navigator.unregisterProtocolHandler(scheme, location.href + '/%s'); });
  }, 'unregisterProtocolHandler: Attempting to override the "' + scheme + '" protocol should throw SECURITY_ERR.');
 }

@ -161,7 +161,7 @@ const safelist = [
  'webcal',
  'wtai',
  'xmpp',
-  /*other vaild schemes*/
+  /*other valid schemes*/
  'BitcoIn',
  'Irc',
  'MagneT',
--- a/testing/web-platform/tests/html/webappapis/system-state-and-capabilities/the-navigator-object/secure_context.html
+++ b/testing/web-platform/tests/html/webappapis/system-state-and-capabilities/the-navigator-object/secure_context.html
@ -0,0 +1,18 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script>
+    test(t => {
+      assert_false('registerProtocolHandler' in navigator);
+      assert_equals(navigator.registerProtocolHandler, undefined);
+    }, "navigator.registerProtocolHandler does not exist in non-secure contexts.");
+
+    test(t => {
+      assert_false('unregisterProtocolHandler' in navigator);
+      assert_equals(navigator.unregisterProtocolHandler, undefined);
+    }, "navigator.unregisterProtocolHandler does not exist in non-secure contexts.");
+  </script>
+</head>
+</html>